Be less forgiving about the allowed operators.

author Alan T. DeKok <aland@freeradius.org>

Tue, 8 Sep 2009 11:56:54 +0000 (13:56 +0200)

committer Alan T. DeKok <aland@freeradius.org>

Tue, 8 Sep 2009 11:56:54 +0000 (13:56 +0200)
author Alan T. DeKok <aland@freeradius.org>
Tue, 8 Sep 2009 11:56:54 +0000 (13:56 +0200)
committer Alan T. DeKok <aland@freeradius.org>
Tue, 8 Sep 2009 11:56:54 +0000 (13:56 +0200)
diff --git a/src/modules/rlm_sql/sql.c b/src/modules/rlm_sql/sql.c

index 894c1e53a93cc8e05b3a1f2bdf11c1d82a486ec3..e5e15bc008558d45103666e9645d27ce4db5a54d 100644 (file)
--- a/src/modules/rlm_sql/sql.c
+++ b/src/modules/rlm_sql/sql.c
@@ -375,8 +375,13 @@ int sql_userparse(VALUE_PAIR ** first_pair, SQL_ROW row)
         if (row[4] != NULL && row[4][0] != '\0') {
                 ptr = row[4];
                 operator = gettoken(&ptr, buf, sizeof(buf));
-       }
-       if (operator <= T_EOL) {
+               if ((operator < T_OP_ADD) ||
+                   (operator > T_OP_CMP_EQ)) {
+                       radlog(L_ERR, "rlm_sql: Invalid operator \"%s\" for attribute %s", row[4], row[2]);
+                       return -1;
+               }
+
+       } else {
                 /*
                  *  Complain about empty or invalid 'op' field
                  */
author	Alan T. DeKok <aland@freeradius.org>
	Tue, 8 Sep 2009 11:56:54 +0000 (13:56 +0200)
committer	Alan T. DeKok <aland@freeradius.org>
	Tue, 8 Sep 2009 11:56:54 +0000 (13:56 +0200)